Hackers are continuing to target Australia, with the latest attack on a major cancer clinic in Sydney demonstrating that institutions across the country are still falling behind well behind in their cybersecurity.
New South Wales (NSW) Health said they were alerted to a Medusa ransomware attack on the Crown Princess Mary Cancer Centre on Thursday and are investigating the issue.
“NSW Health continues to investigate this issue which does not appear to have impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases,” they said.
“The safety and security of all NSW Health systems remains of the highest importance and is continually monitored and safeguarded.”
The ransomware hackers are demanding $100,000 (US$67,000) for the release of the encrypted data within the next seven days, or they will release the data onto the dark web, according to their ransomware blog, reported technological security company FalconFeedsio in a Twitter post.
The hack is the latest in a string of ransomware attacks by the Medusa ransomware gang, which first emerged in June 2021 and had relatively low activity and victims. However, this changed at the beginning of 2023 when the group launched its ‘Medusa blog,’ which it uses to leak data of victims who refuse to pay.
Australia Trailing World in Cyber Security
The latest attack comes after the Minister for Cyber Security Clare O'Neil said Australia was five years behind where it should be on cyber security due to failures in the former government’s cyber strategy.“It’s crazy because we are going to—we have experienced large-scale cyber attacks, and to a degree, they will continue.
“Whatever we do, even if we are the most cyber-safe country in the world, we’re still going to see cyber attacks because cybercrime is that prolific. So part of the resilience kind of approach for the government is to make sure that we’re able to help the country recover quickly.”
The Albanese government has been the first to establish a cyber incident response function as part of the Home Affairs department, with Prime Minister Anthony Albanese recently appointing a Cyber Coordinator who will be responsible for conducting this nationally.
The minister has also said she believes Australia is currently not an easy target for hackers.
“There is an enormous amount of effort going into making sure that Australia is a hard target, and we are making significant ground on that,” O'Neil said.
“We’ve set up Hack the Hackers, which is the first time the Australian government has asked the Federal Police and the cyber guns in the Australian Signals Directorate to work together to basically turn their energies and forces onto debilitating and degrading the ability of the hacking groups.
“And that work is going really, really well, and it’s a model that countries around the world are looking at.”
The Australian government has said it will strike back against cyber hackers, creating a 100-person strong task force staffed by the Australian Federal Police and the Australian Signals Directorate.
Major Public Companies Targeted
Since 2022 Australia has experienced a raft of cyber incidents targeting major public companies like Medibank, Australia’s larger health insurer; Optus, the second largest telecommunications company; and EnergyAustralia, one of the three largest energy companies.Hackers have also attacked Australian universities like Queensland University of Technology, as well as the defence department and private companies Vinomofo, Woolworths’ MyDeal, and Medlab.
